StackRox XSS via Role Name in Table Cells (CVE-2025-5198)
CVE-2025-5198 Published on May 27, 2025
Stackrox: xss in stackrox
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes Role object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
Vulnerability Analysis
CVE-2025-5198 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-5198 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2025-5198
stack.watch emails you whenever new vulnerabilities are published in Red Hat Advanced Cluster Security or Stackrox. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.